Showing papers on "Key escrow published in 1995"

Internationally regulated system for one to one cryptographic communications with national sovereignty without key escrow

Abstract: An encryption method and apparatus for generating an encrypted message which is controllably decryptable, comprising providing at least one agency public key to at least one decrypting agency entity respectively and to each of a first plurality of subscriber entities and to each of a second plurality of regulator entities, providing an ID, a public key and a private key for each of the first plurality of subscribers and each of the second plurality of regulators, for each subscriber entity and for each regulator entity, employing at least one agency public key to encrypt the entity's private key and for each individual subscriber entity and for each individual regulator entity, generating a certificate attesting, for all other entities, to the individual entity's status, ID, public key and encrypted private key.

Differential work factor cryptography method and system

Abstract: Differential work factor cryptographic method, system, and data structure for reducing but not eliminating the work factor required by an authority to break an encrypted message encrypted with a secret encryption key. The secret key is split into at least two partial keys such that knowledge of a first of the partial keys reduces but does not eliminate the work factor required to break the encrypted message. The first partial key is encrypted using a public key of the authority. The encrypted first partial key is provided with the encrypted message to enable the authority, upon obtaining the message, to decrypt the encrypted first partial key using the authority's private key and to break the message using the first partial key. In preferred embodiments, the first partial key is encrypted with additional information which can be reconstructed by the recipient, such as a hash of the secret encryption key, a hash of the secret key concatenated with a salt, all or part of the salt, and control information. The use of a hash function provides one method of enforcing the partial key system. If a salt is used, the salt is also encrypted with the secret key encrypted using the intended recipient's public key. The invention provides secure communications against attackers while satisfying governmental restrictions on the use, export or import of strong encryption products.

Escrow Encryption Systems Visited: Attacks, Analysis and Designs

Abstract: The Escrow Encryption Standard and its realization - the Clipper chips - suggest a new type of encryption scheme. We present a few basic and somewhat subtle issues concerning escrow encryption systems. We identify and perform attacks on the actual Clipper and other recent designs (fair cryptosystems, TIS software escrow, etc.). We review requirements and concerns and suggest design approaches to systems with desired properties of key escrow.

A Simple Method for Generating and Sharing Pseudo-Random Functions, with Applications to Clipper-like Escrow Systems

Abstract: We present a very simple method for generating a shared pseudo-random function from a poly-random collection of functions. We discuss the applications of our construction to key escrow.

Securing traceability of ciphertexts: towards a secure software key escrow system

Abstract: The Law Enforcement Agency Field (LEAF), which in Clipper is appended to the ciphertext, allows the Law Enforcement Agency to trace the sender and receiver. To prevent users of Clipper to delete the LEAF, the Clipper decryption box will not decrypt if the correct LEAF is not present. Such a solution requires the implementation to be tamperproof. In this paper we propose an alternative approach to achieve traceability. Our solution is based on the computational complexity of some well known problems in number theory. So, our scheme does not require a tamperproof implementation, nor a secret algorithm. Its applications extend beyond key escrow.

Failsafe key escrow system

Abstract: A method for establishing a cryptographic key for a user is of the type wherein data permitting establishment of the key is escrowed. The method involves having the user provide a user seed value (11); having an authority provide an authority seed value (15); and generating a cryptographic key (111) as a non-degenerate function of the user and authority seed values. Also provided is a method for establishing secret public cryptographic keys for a user, of the type wherein data permitting establishment of the secret key is escrowed (151); in this method, the secret (111) and public cryptographic keys (19) are generated as first and second non-degenerate functions of the user and authority seed values. Related methods can be used to establish secret and public cryptographic keys for a user.

A Key Escrow System with Warrant Bounds

Abstract: We propose a key escrow system that permits warrants for the interception and decryption of communications for arbitrary time periods, and with either one or two communicating parties specified as the target. The system is simple and practical, and affords reasonable protection against misuse. We argue that use of such a system can produce both greater privacy protection and more effective law enforcement than we now enjoy.

The Metaphor is the Key: Cryptography, the Clipper Chip and the Constitution

Abstract: Part I of this Article describes advances in encryption technology that are increasing personal privacy, particularly electronic privacy, but reducing the US government's ability to wiretap telephones, read e-mail surreptitiously, and decrypt computer disks and other encrypted information Specifically, Part I focuses on the Escrowed Encryption Standard (EES), to be implemented in the Clipper Chip and other similar devices Part II examines the legal justifications and constitutional implications of the EES proposal It argues that the EES proposal violates the spirit, although not the letter, of the Administrative Procedures Act and represents an abuse of the technical standard-setting process Part III considers the constitutional implications of the more radical proposal that some commentators find implicit in the policies animating Clipper: requiring all users of strong encryption to register their ciphers' keys with the government Part III concludes that although mandatory key escrow would infringe personal privacy, reduce associational freedoms, potentially chill speech, constitute a potentially unreasonable search, and might even require a form of self-incrimination, the constitutionality of mandatory key escrow legislation remains a distressingly close question under existing doctrinesPart IV addresses the cryptography controversy as an example of the law's occasionally awkward response to a new technology Finally, the Technical Appendix discusses modern cryptographic systems, including the widely-used Data Encryption Standard (DES), and how they can (at least theoretically) be broken by attackers armed with large numbers of relatively modest computers It also provides an introduction to public-key cryptosystems and to digital signatures, which could represent the most important commercial application of modern cryptographic techniques

Fair Cryptosystems, Revisited

Abstract: Recently, there has been a surge of interest in key-escrow systems, from the popular press to the highest levels of governmental policy-making. Unfortunately, the field of key-escrow has very little rigorous foundation, leaving open the possibility of a catastrophic security failure. As an example, we demonstrate a critical weakness in Micali’s Fair Public Key Cryptosystem (FPKC) protocols. Micali’s FKPC protocols have been licensed to the United States Government for use with the Clipper project, and were considered to be a leading contender for software-based key escrow. In the paper, we formally model both the attack and what it means to defend against the attack, and we present an alternative protocol with more desirable security properties.

A Rigorous Approach to Key-Escrow (Extended Abstract)

Abstract: Recently, there has been a surge of interest in key-escrow systems, from the popular press to the highest levels of governmental policy-making. Unfortunately, the field of key-escrow has very little rig- orous foundation, leaving open the possibility of a catastrophic security failure. As an example, we demonstrate a critical weakness in Micali's Fair Public Key Cryptosystem (FPKC) protocols. Micali's FKPC pro- tocols have been licensed to the United States Government for use with the Clipper project, and were considered to be a leading contender for software-based key escrow. In the paper, we formally model both the attack and what it means to defend against the attack, and we present an alternative protocol with more desirable security properties.

The Metaphor Is the Key: Cryptography, the Clipper Chip, and the Constitution

Abstract: Part I of this Article describes advances in encryption technology that are increasing personal privacy, particularly electronic privacy, but reducing the U.S. government's ability to wiretap telephones, read e-mail surreptitiously, and decrypt computer disks and other encrypted information. Specifically, Part I focuses on the Escrowed Encryption Standard (EES), to be implemented in the Clipper Chip and other similar devices. Part II examines the legal justifications and constitutional implications of the EES proposal. It argues that the EES proposal violates the spirit, although not the letter, of the Administrative Procedures Act and represents an abuse of the technical standard-setting process. Part III considers the constitutional implications of the more radical proposal that some commentators find implicit in the policies animating Clipper: requiring all users of strong encryption to register their ciphers' keys with the government. Part III concludes that although mandatory key escrow would infringe personal privacy, reduce associational freedoms, potentially chill speech, constitute a potentially unreasonable search, and might even require a form of self-incrimination, the constitutionality of mandatory key escrow legislation remains a distressingly close question under existing doctrines.Part IV addresses the cryptography controversy as an example of the law's occasionally awkward response to a new technology. Finally, the Technical Appendix discusses modern cryptographic systems, including the widely-used Data Encryption Standard (DES), and how they can (at least theoretically) be broken by attackers armed with large numbers of relatively modest computers. It also provides an introduction to public-key cryptosystems and to digital signatures, which could represent the most important commercial application of modern cryptographic techniques.

Fair Cryptosystems, Revisited: A Rigorous Approach to Key-Escrow (Extended Abstract)

Abstract: Recently, there has been a surge of interest in key-escrow systems, from the popular press to the highest levels of governmental policy-making. Unfortunately, the field of key-escrow has very little rigorous foundation, leaving open the possibility of a catastrophic security failure. As an example, we demonstrate a critical weakness in Micali's Fair Public Key Cryptosystem (FPKC) protocols. Micali's FKPC protocols have been licensed to the United States Government for use with the Clipper project, and were considered to be a leading contender for software-based key escrow. In the paper, we formally model both the attack and what it means to defend against the attack, and we present an alternative protocol with more desirable security properties.

Building in Big Brother: The Cryptographic Policy Debate

Abstract: I Background.- 1 Cryptography (From Julius Caesar through Public Key Cryptosystems): Methods to Keep Secrets Secret.- 1 Encryption.- 2 Data Encryption Devices: Overview Technology Analysis.- 3 Answers to Frequently Asked Questions about Today's Cryptography.- 4 Cryptography in Public: A Brief History.- 5 Internet Privacy Enhanced Mail.- 6 Privacy in Today's Wireless Environment.- 7 Federal Information Processing Standards Publication 186(1994 May 19): Specifications for the Digital Signature Standard (DSS).- 8 Federal Information Processing Standards Publication 180(1993 May 11): Specifications for the Secure Hash Standard (SHS).- 9 Pretty Good Privacy: Public Key Encryption for the Masses.- 2 Key Escrow Cryptosystems: Keeping Secrets Secret Except When...- 1 The U.S. Key Escrow Encryption Technology.- 2 SKIPJACK Review: Interim Report.- 3 Protocol Failure in the Escrowed Encryption Standard.- 4 CAPSTONESChip Technology.- 5 Fair Crptosystems.- 6 Software Key Escrow: A Better Solution for Law Enforcement's Needs?.- 7 A New Approach to Software Key Escrow Encryption.- 8 International Key Escrow Encryption:Proposed Objectives and Options.- II Current Government Policy.- 3 The U.S. Government Policy Solution: Key Escrow Cryptosystems, Policies, Procedures, and Legislation.- 1 Statement of the Press Secretary.- 2 Statement of the vice President.- 3 Vice President's Letter to Representatative Maria Cantwell.- 4 Encryption-Export Control Reform.- 5 Attorney General Makes Key Escrow Announcements.- 6 Authorization Procedures for Release of Encryption Key Components in Conjunction with Intercepts Pursuant to Title III and FISA.- 7 Encryption Standards and Procedures Act of 1994.- 8 Comments on Encryption Standards and Procedures Act.- 4 The Policy Debate: How Controlled a Global Information Infrastructure do We Want, and Who Decides?.- 1 The Cypherpunks vs. Uncle Sam.- 2 Testimony Before the Subcommittee on Technology, Environment, and Aviation of the Committee on Science, Space, and Technology of the U.S. House of Representatives.- 3 Wiretaps for a Wireless Age.- 4 Don't Worry Be Happy.- 5 So, People, We Have a Fight on Our Hands.- 6 Jackboots on the Infobahn.- 7 'Secret' Agency Steps Over the Line.- 8 A Closer Look on Wiretapping.- III Aspects of Cryptographic Policy.- 5 Law Enforcement: What Does It Cost to Commit a Perfect Crime?.- 1 Digital Telephony and Communications Privacy Improvement Act of 1994.- 2 Summary Statement before the Subcommittee on Technology and the Law of the Committee on the Judiciary, United State Senate and the Subcommittee on Civil and Constitutional Rights of the Committee on the Judiciary, House of Representatives.- 3 EFF Statement on and Analysis of Digital Telephony Act.- 4 EPIC Statement on Wiretap Bill.- 5 Benefits and Costs of Legislation to Ensure the Government's Continued Capability to Investigate Crime with the Implementation of New Telecommunications Technologies.- 6 Digital Telephony - Cost-Benefit Analysis.- 7 Digital Telephony - Cost-Benefit Analysis.- 8 Digital Telephony - Cost-Benefit Analysis.- 6 Civil Liberties: Safeguarding Privacy (and More) in a Digital, Tappable Age.- 1 The Impact of a Secret Cryptographic Standard on Encryption, Privacy, Law Enforcement and Technology.- 2 Genie Is Out of the Bottle.- 3 DPSWG Letter to President Clinton on Clipper.- 4 Cryptographic Issue Statements: Letter to the Computer System Security and Privacy Advisory Board.- 5 The Constitutionality of Mandatory Key Escrow-A First Look.- 6 Review and Analysis of U.S. Laws, Regulations, and Case Laws Pertaining to the Use of Commercial Encryption Products for Voice and Data Communications.- 7 On Blind Signatures and Perfect Crimes.- 7 Export Policy: Prudent Controls in a Risky World or Making the World Safe for Foreign Competition?.- 1 Encryption's International Labyrinth.- 2 Federal Policy Impact on U.S. Corporate Vulnerability to Economic Espionage.- 3 Testimony Before the Committee on the Judiciary Subcommittee on Technology and the Law of the United States Senate.- 4 Technology and Software Controls.- 5 State Department Ruling on Cryptographic Export Media.- 6 Constitutionality Under the First Amendment of ITAR Restrictions on Public Cryptography.- Afterword.- List of Acronyms.

Cryptographic system and method with key escrow feature

Abstract: The invention provides a cryptographic system and method with a key escrow feature that uses a method for verifiably splitting users' private encryption keys into components and for sending those components to trusted agents chosen by the particular users, and provides a system that uses modern public key certificate management, enforced by a chip device that also self-certifies. In a preferred embodiment of this invention, the chip encrypts or decrypts only if certain conditions are met, namely, (1) if a valid 'sender certificate' and a valid 'recipient certificate' are input, where 'valid' means that the particular user's private decryption key is provably escrowed with a specified number of escrow agents and that the master escrow center is registered and certified by the chip manufacturer, and (2) if a valid Message Control Header is generated by the sender and validated by the recipient, thereby giving authorized investigators sufficient information with which to request and obtain the escrowed keys. A further preferred embodiment of this invention provides a method for generating verifiably trusted communications among a plurality of users, comprising the steps of escrowing at a trusted escrow center a plurality of asymmetric cryptographic keys to be used by a plurality of users; verifying each of said plurality of keys at the escrow center; certifying the authorization of each of said plurality of keys upon verification; and initiating a communication from each of said plurality of users using a respective one of said plurality of keys contingent upon said certification.

A new approach to software key escrow encryption

Abstract: The major deficiency ascribed to key escrow techniques when they are implemented solely in software is that they can be bypassed or subverted relatively easily and thus cannot be relied upon to meet the objectives of law enforcement that motivate the Clipper Initiative. Further, no technique has been proposed that addresses the issues associated with the implementation of a classified encyption algorithm, such as the Skipjack algorithm embodied in the Clipper chip, in a widely used software product.

A New Key Escrow Cryptosystem

Abstract: The Escrowed Encryption Standard (EES) proposed by U.S. government has gained much attention in the last two years. It was claimed that EES can provide cryptographic protection to unclassified, sensitive data, while at the same time, allow for the decryption of encrypted messages when lawfully authorized. Later, some criticism was proposed to reveal the weakness of the EES proposal.

System and method for key escrow and data escrow encryption

Abstract: A system and method for key escrow and data escrow cryptography are described. In key escrow cryptography, only public escrow keys are stored in the sender and the receiver. The sender encrypts a message using a secret session key (KS), and generates an encrypted leaf verification string (ELVS) and a first law enforcement access field (LEAF). The receiver generates a second LEAF for comparison with the first LEAF. In data escrow cryptography, an encrypting user generates a data recovery field (DRF), that includes an access rule index (ARI) and a user's secret (US). To recover US, a decrypting user sends the DRF to a data recovery center (DRC) that issues a challenge based on access rules (ARs) identified by the ARI. If the decrypting user meets the challenge, the DRC sends US to the decrypting user.

Securing Traceability of Ciphertexts - Towards a Secure Software Key Escrow System (Extended Abstract).

Abstract: The Law Enforcement Agency Field (LEAF), which in Clipper is appended to the ciphertext, allows the Law Enforcement Agency to trace the sender and receiver. To prevent users of Clipper to delete the LEAF, the Clipper decryption box will not decrypt if the correct LEAF is not present. Such a solution requires the implementation to be tamperproof. In this paper we propose an alternative approach to achieve traceability. Our solution is based on the computational complexity of some well known problems in number theory. So, our scheme does not require a tamperproof implementation, nor a secret algorithm. Its applications extend beyond key escrow.

A Mechanized Logic for Secure Key Escrow Protocol Verification

Abstract: Reasoning about key escrow protocols has increasingly become an important issue. The Escrowed Encryption Standard (EES) has been proposed as a US government standard for the encryption of unclassified telecommunications. One unique feature of this system is key escrow. The purpose of key escrow is to allow government access to session keys shared by EES devices. We develop a framework to formally specify and verify the correctness of key escrow protocols that we mechanize within the HOL theorem proving system. Our logic closely follows the logic, SVO, used for analyzing cryptographic protocols which was developed by Syverson and vanOorschot [13]. Using the HOL mechanization of SVO, we formally demonstrate the failure of the EES key escrow system by showing that it does not insure that the escrow agent receives correct information. This was previously shown experimentally [2]. Last, we offer an alternative escrow protocol and demonstrate its correctness.

Commercial Key Escrow: An Australian Perspective

Abstract: “Commercial Key Escrow (CKE)”, and an earlier “Software Key Escrow (SKE) scheme, have been proposed by Trusted Information Systems Inc. (TIS) in the USA as a possible compromise scheme to meet the demands of commerce and industry for new levels of information security, particularly transaction and message confidentiality in an international and national networked environment, while meeting law enforcement demands for continued effectiveness of telecommunications line-tapping ability. These latter requirements relate to the perceived need by law enforcement agencies to make use of legitimate authorised linetapping capabilities for the gathering of appropriate intelligence and/or evidence for the purpose of fulfilling perceived roles in the protection of society from criminal activity against the potential case where such line-taps produce intercepts that are encrypted. CKE, involving the incorporation of software based cryptography in computer and network systems with associated key recovery data transmitted during data network activity and provision of “Data Recovery Centres (DRC)”, is seen as presenting a new solution to the problems encountered in the USA with the “Clipper” initiative in that country announced in 1993.

Encryption and the Gloval Information Infrastructure: An Australian Perspective

Abstract: Debate on encryption in Global Information Infrastructures has been complicated by issues relating to law enforcement. This paper looks at a technique for limiting the use of anonymous cash for illicit purposes to an acceptable level. It also argues that the majority of users will not require high level encryption systems to protect their privacy and hence would not require the keys to their encryption schemes to be escrowed. It proposes a scheme of Differential Key Escrow (DKE) where only the keys of high level encryption systems used by government and larger corporations would be held in escrow by the organisation.

Advances in cryptology--CRYPTO '95 : 15th Annual International Cryptology Conference, Santa Barbara, California, USA, August 27-31, 1995 : proceedings

Abstract: MAC and Hash.- MDx-MAC and Building Fast MACs from Hash Functions.- XOR MACs: New Methods for Message Authentication Using Finite Pseudorandom Functions.- Bucket Hashing and its Application to Fast Message Authentication.- Number Theory I.- Fast Key Exchange with Elliptic Curve Systems.- Fast Server-Aided RSA Signatures Secure Against Active Attacks.- Security and Performance of Server-Aided RSA Computation Protocols.- Oblivious Transfer.- Efficient Commitment Schemes with Bounded Sender and Unbounded Receiver.- Precomputing Oblivious Transfer.- Committed Oblivious Transfer and Private Multi-Party Computation.- On the Security of the Quantum Oblivious Transfer and Key Distribution Protocols.- Cryptanalysis I.- How to Break Shamir's Asymmetric Basis.- On the Security of the Gollmann Cascades.- Improving the Search Algorithm for the Best Linear Expression.- On Differential and Linear Cryptanalysis of the RC5 Encryption Algorithm.- Key Escrow.- A Simple Method for Generating and Sharing Pseudo-Random Functions, with Applications to Clipper-like Key Escrow Systems.- A Key Escrow System with Warrant Bounds.- Fair Cryptosystems, Revisited.- Escrow Encryption Systems Visited: Attacks, Analysis and Designs.- Protocols.- Robustness Principles for Public Key Protocols.- Cryptanalysis II.- Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt'88.- Cryptanalysis Based on 2-Adic Rational Approximation.- A Key-schedule Weakness in SAFER K-64.- Cryptanalysis of the Immunized LL Public Key Systems.- Zero Knowledge, Interactive Protocols.- Secure Signature Schemes based on Interactive Protocols.- Improved Efficient Arguments.- Honest Verifier vs Dishonest Verifier in Public Coin Zero-Knowledge Proofs.- Secret Sharing.- Proactive Secret Sharing Or: How to Cope With Perpetual Leakage.- Secret Sharing with Public Reconstruction.- On General Perfect Secret Sharing Schemes.- Number Theory II.- NFS with Four Large Primes: An Explosive Experiment.- Some Remarks on Lucas-Based Cryptosystems.- Secret Sharing II.- Threshold DSS Signatures without a Trusted Party.- t-Cheater Identifiable (k, n) Threshold Secret Sharing Schemes.- Everything Else.- Quantum Cryptanalysis of Hidden Linear Functions.- An Efficient Divisible Electronic Cash Scheme.- Collusion-Secure Fingerprinting for Digital Data.

Towards a Secure Software Key Escrow System* (Extended Abstract)

Abstract: The Law Enforcement Agency Field (LEAF), wliicli in Clip- per is appended to the ciphertext, allows the Law Enforcement Agency to trace the sender and receiver. To prevent users of Clipper to delete the T,EAF, the Clipper decryption box will not decrypt if the correct LEAF is not present. Such a solution requires the implementation to be tamperproof. In this paper we propose an alternative approach to achieve traceabil- ity. Our solution is based on the computational complexity of some well known problems in number theory. So, our scheme does not require a tamperproof implementation, nor a secret algorithm. Its applications ex- tend beyond key escrow.

Something for Everyone Now and for the Future

Abstract: Summary A tension has been growing for the past twenty years between the interests of the public to protect its sensitive information and the interests of governments to access the information of their adversaries. The Clipper Key Escrow program, introduced by the U.S. Government in 1993, was an attempt to overcome this tension by giving the public good cryptography while retaining for law enforcement the ability to decrypt communications when authorized. But Clipper has many problems that make it unattractive to the public. The basic concepts of key escrow are very attractive to individuals and organizations who fear the consequences of losing their encryption keys. A key escrow system that satisfies the concerns of individuals and corporations and also meets governments' interests could help resolve this growing national tension. This paper reviews the reasons for this tension and the evolution of software key escrow systems. It then examines the variety of alternative key escrow systems and describes why the government must take urgent steps to promote commercial key escrow before serious and permanent harm is done to government's law enforcement and national security interests.

Key Escrow Cryptosystems

Abstract: Key escrow systems are those where part or all of the cryptographic keys are kept “in escrow” by third parties. The keys are released only upon proper authority to allow some person other than the original sender or receiver to read the message. The U. S. government is strongly supporting key escrow as a way to balance the needs for secrecy between communicating persons against the needs of law enforcement and national security agencies to sometimes read these encrypted communications (with proper legal authority). This chapter presents the technical aspects of the Clipper Chip, the U.S. Government’s first proposed key escrow system. It also mentions how Clipper fits into other proposed government cryptosystems and then presents a more general view of key escrow cryptosystems.